Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Crisis Communications: Preparing for the Inevitable Cyber Crisis
Kristin Miller, Webroot – @KristinMiller
Ashley Stewart, Webroot – @AJDenver
Agenda
Introductions
Crisis War Story
Building a Crisis Team
Crisis Activity
Introductions
What is your name?
What do you do?
What are you currently binging?
4 May 13, 2019 Public
We’ve seen some stuff
Death of a CEO of a publicly traded company
1
Undocumented worker crisis involving Arizona sheriff Joe Arpaio
2
C-level executive of an identity theft company being arrested
3
Hostage situation involving a fleeing bank robber
4
Accused of blocking Twitter access for most North American users
5
Disabling all business-customer computers for over 36 hours
6
Communicating a technical flaw that left virtually all computer users open to cybercriminals
7
Shutting down the internet for the entire eastern seaboard.
8
A or B
Scary Stats
Ransomware attackslast year
(Source: Statista)
184 Million
2018 financial loss from cybercrime in the U.S.
(Source: FBI)
2.7 Billion
(Source: 2018 Hiscox Small Business Cyber Risk Report)
of small businesses in the US have suffered a cyber attack.
50%
of passwords from a 2019 mega data dump were already leaked in other data breaches.
(Source: Troy Hunt)
86%
Why You’re Here
“It takes 20 years
to build a
reputation,
and five minutes
to ruin it.”
- Warren Buffet,
Berkshire Hathaway
Why You’re Here
“Five minutes
before the party
is not the time to
learn how
to dance.”
- Snoopy
War Story: False Positive
Who we are
EnterpriseSmall-to-medium
sized businessesConsumer
äX
War Room
Holding Statement
Other Communications
We Waited
We Went to Bed
DAY 1
War Room
Holding Statement
Other Communications
We Waited
We Went to Bed
DAY 1
Meanwhile
DAY 2
…
Stakeholders:
Customers
Social
Community/SpiceWorks
Media
Internal
War Room
Holding Statement
Other Communications
We Waited
We Went to Bed
DAY 1 DAY 2
DAY 3
# # #
1. Make a plan
2. Build relationships
3. Find media friends
4. Group chat
Before the crisis• Team roster• Approval process• Crisis matrix• Check list• Scenarios and sample statements• Quick start guide
1. Elect a Commander in Chief
2. Social media is the new source
3. Take shifts
4. Hustle behind the scenes
5. Think globally, act locally
During the crisis
1. Trust your gut
2. Don’t forget about scheduled programs
3. Keep it coming
4. Define the crisis end
5. Make better mistakes tomorrow
After the crisis
Crisis Teambuilding
Creating a core crisis group
Function Temperament
Crisis Commander
Communications
CIO / CISO
Marketing
Executive
Facilities
Product
Admin
Sales
Legal
HR
IT
Calm under pressure
Knowledgeable
Eagle eye view
Approachable
Collaborative
Responsible
Respected
Confident
Available
Decisive
Communications approval process plan
Data breach approval:
Draft
Marketing
CISO Product
Crisis Commander
Legal Executive
Sales
Communications Team
Communications approval process in action
Data breach approval:
Draft
Immediate boss / peers
Marketing Leadership
Key Stakeholder Copyeditor
CISO
Product
Crisis Commander
Legal
Executive
Sales
Communications Team
Lets
add...
Not what I
was
thinking…
I forgot to
tell you
about… Cybersecurity
is one word,
not 2
Yeah, no way
we can say
that.
Let me just
redo my
quote…
Where are we
with the
statement?
What is taking
so long!
Isn’t the product
guy on vacation?
Who is his
backup?
Approved Message Distribution
Message
Reporters
Social Media
Blog
Customers
Investors
Analysts
Regulatory Authorities
Board
Employees
Customer Support
Website
Community
Partners
Vendors
Topics especially interesting to the media
Local or regional hot buttons
Competitor crisis
Crisis Multipliers
Get Communications Involved
Translations
Hit Pause
Cell Phone Numbers
Internal!
Words matter in a crisis
Alarmist Words
Data breach
Hack
Attack
Criminals
Stole
Victim
Crisis
Alternatives
Data security incident / issue
Unauthorized access
Intruder
Removed/accessed
Target
Activity: In the Middle of the Mayhem
Crisis Scenario:
Social MenaceA disgruntled ex-employee has decided to badmouth your company on Twitter.
The employee has a bone to pick with how your company is doing business and
implies legal and ethical issues – cooking the books, cheating employees out of
pay and gender inequality issues.
What are your first three actions?
Who are your stakeholders?
Crisis Scenario:
Brush with the Dark Side
International Black Hat group, Dark Overlord, claims to have gotten ahold of some of your
company’s key intellectual property. They are blackmailing the corporate office with a ransom
of $5 million in Bitcoin. Dark Overlord is very savvy and not interested in anything but getting
paid.
What are your first three actions?
Who are your stakeholders?
Crisis Scenario:
Black Out
There is a sudden network outage on Tuesday at 9 a.m. ET. All internal servers
hosting your internal platform and ecommerce/external website are down.
What are your first three actions?
Who are your stakeholders?
Crisis Scenario:
DebriefWhat went right?
What went wrong?
What would you do differently next time?
Thank you!
Kristin Miller, Webroot – @KristinMiller
Ashley Stewart, Webroot – @AJDenver